General
Target: KMSauto-setup.exe
Size: 3.8MB
Sample: 230421-nhkmwahb4y
MD5: c7e2bb8d867d4f4bb484cfe674a16c55
SHA1: fdd4fbd30bc2db3faf199799bb732dbf3a137a1a
SHA256: 727a5380cc5975839d6411d42569d834a337d139fb40f2e94e855835e2b538d6
SHA512: c8596183949d7c888724374f48c202b2f96af8a32654234f746124b0a3476682ab109c7bc293a4c5a8b8e0661a56c954ab467c5d86b9b789237f86acadd596d3
SSDEEP: 98304:CpyfN3PlMJaE15aViYyf6L0c6veW0YDr9C3PVbiUk:SyfQJt15RY66gnZvJUk
Static task: static1

Behavioral task: behavioral1
Sample: KMSauto-setup.exe
Resource: win10-20230220-en

Behavioral task: behavioral2
Sample: KMSauto-setup.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
0215
badinytlesi.xyz:80
yaliesarevi.xyz:80
auth_value: c9dd5ca07f69257239203a3c44bb8a57
Targets
Target: KMSauto-setup.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE